# Universal domain allowlist — curated patterns for infrastructure seen universally
# across home lab and self-hosted environments.
#
# Format: one pattern per line.  Full-line and inline "#" comments are allowed; blank lines are ignored.
# Patterns prefixed with "re:" are treated as Python regex (re.search, case-insensitive).
# re.search matches anywhere in the name, so a regex without ^ or $ matches as a substring.
# Patterns without the prefix are matched as fnmatch globs.
#
# This file ships with LogHunter.  It covers reverse-DNS, NTP, CDN, cloud platforms,
# public nameserver infrastructure, and common SaaS endpoints that appear in virtually
# every environment.
#
# Site-specific known-good domains (your own infrastructure, local devices, internal
# services) belong in ~/.loghunter/allowlist.d/domains_user.txt — not here.

# Reverse DNS
# Both patterns need a leading dot and are end-anchored, so only names under the
# in-addr.arpa / ip6.arpa zones match.
re:\.in-addr\.arpa$                                                         # reverse_dns
re:\.ip6\.arpa$                                                             # ipv6_arpa

# mDNS / link-local
# NOTE(review): "^_" matches ANY name whose first character is an underscore,
# under any domain (e.g. _dmarc.<any-domain>), not only service labels under
# .local.  Confirm that breadth is intended, or scope it to the expected suffixes.
re:\.local$                                                                 # mdns_local
re:^_                                                                       # mdns_service

# UUID labels (e.g. device beacons)
# NOTE(review): this pattern has no ^/$ anchor and no domain suffix, so every name
# containing a UUID-shaped substring is allowlisted regardless of the registered
# domain it belongs to.  Long hex labels are also a shape that encoded data carried
# in DNS names can take; consider requiring the expected vendor suffix after the UUID.
re:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}         # uuid

# NTP
# "\.ntp\.org$" already matches pool.ntp.org and everything below it, so the first
# alternative adds no extra coverage.
re:pool\.ntp\.org$|\.ntp\.org$                                             # ntp

# Akamai CDN
# Every alternative starts with "\." and ends with "$": subdomains match, the bare
# apex (e.g. akamai.com itself) does not.  The same holds for the vendor suffix
# patterns below.
re:\.akamai\.net$|\.akamaiedge\.net$|\.akamai\.com$|\.akamaihd\.net$|\.akadns\.net$|\.akamaized\.net$|\.akamaitechnologies\.com$  # akamai
re:\.akam\.net$|\.edgekey\.net$                                           # akamai_delegation

# Apple / iCloud
re:\.apple\.com$|\.icloud\.com$|\.aaplimg\.com$|\.apple-dns\.net$         # apple_cdn

# Amazon Web Services
# NOTE(review): the AWS, Google and Azure suffixes below include hostnames that any
# cloud customer can create (storage buckets, VM and app hostnames, CDN
# distributions).  A match shows the traffic went to that provider, not that the
# destination is trusted.  Confirm how LogHunter treats allowlisted names: if they
# are dropped before detection, activity hosted on these platforms will not surface.
re:\.amazonaws\.com$|\.awsglobalaccelerator\.com$|\.cloudfront\.net$      # aws

# Google
re:\.googlevideo\.com$|\.googleapis\.com$|\.gstatic\.com$|\.googleusercontent\.com$|\.googledomains\.com$|\.google\.com$  # google

# Microsoft Azure
re:\.azurefd\.net$|\.azureedge\.net$|\.cloudapp\.azure\.com$|\.azurewebsites\.net$|\.trafficmanager\.net$|\.windows\.net$  # azure
# Covers every name under azure-dns.com, which includes the .com nameservers that
# the narrower azure_ns pattern later in this file also matches.
re:\.azure-dns\.com$                                                       # azure_dns

# Sonos (connection-indexed hostnames)
# Every name this matches also ends in ".sonos.com", so it is a subset of the
# broader "sonos" pattern further down; it only matters if that one is removed.
re:conn-i-[0-9a-f]+\..*\.sonos\.com$                                       # sonos_ws

# Amazon / Alexa
# Leading "\." plus "$": subdomains match, the bare apex does not.  The same holds
# for the other vendor suffix patterns in this group.
re:\.amazonvideo\.com$|\.amazon\.com$|\.amazonalexa\.com$|\.a2z\.com$     # amazon_video

# Oracle Cloud
re:\.oraclecloud\.com$|\.oracle\.com$                                      # oracle_idcs

# Sonos
# Second Sonos section; supersedes the connection-indexed pattern above.
re:\.sonos\.com$                                                            # sonos

# Dropbox
# NOTE(review): file-sharing and CDN suffixes (Dropbox here, Fastly below) serve
# content uploaded or configured by arbitrary customers.  A match identifies the
# platform, not who controls the content; confirm allowlisted names are not
# removed from detection entirely.
re:\.dropbox\.com$|\.dropbox-dns\.com$                                     # dropbox

# Zoom
re:\.zoom\.us$                                                              # zoom

# Mozilla
re:\.mozilla\.net$|\.mozilla\.org$|\.mozgcp\.net$                         # mozilla

# Microsoft 365 / Windows
re:\.microsoft\.com$|\.office\.com$|\.live\.com$|\.skype\.com$|\.msidentity\.com$  # microsoft
re:\.windowsupdate\.com$                                                   # windows_update

# Fastly CDN
re:\.fastly\.net$|\.fastly-edge\.com$                                      # fastly

# Piano / TinyPass (paywall SDK)
re:\.tinypass\.com$                                                         # tinypass

# Atlassian / Jira / Confluence
re:\.atlassian\.com$|\.atlassian-dev\.net$|\.atl-paas\.net$               # atlassian

# AWS Route 53 nameservers
# NOTE(review): "awsdns-<n>" may be followed by any one or two labels, so
# awsdns-1.<any-registered-domain> matches as well as the Route 53 zones.
# Consider listing the suffixes explicitly, e.g. (com|net|org|co\.uk) - verify
# against the nameservers seen in your logs.
re:(^|\.)awsdns-\d+\.\w+(\.\w+)?$                                         # awsdns
# NOTE(review): unanchored; matches any name containing "ns-<digits>.awsdns"
# anywhere, including as leading labels under an unrelated domain.
re:ns-\d+\.awsdns                                                           # aws_ns

# AWS WAF
# "(^|\.)" plus "$": matches the apex awswaf.com and its subdomains only.
re:(^|\.)awswaf\.com$                                                       # awswaf

# OVH nameservers
# No boundary before "ns"/"dns", so a label that merely ends in ns<digits> or
# dns<digits> also matches; the name must still end in ".ovh.net".
re:ns\d+\.ovh\.net$|dns\d+\.ovh\.net$                                     # ovh_ns

# UltraDNS
re:\.ultradns\.(net|com|org|info|co\.uk)$                                  # ultradns

# NS1 nameservers
re:\.nsone\.net$                                                            # nsone

# Azure DNS nameservers
# End-anchored to the four azure-dns TLDs; no boundary before "ns".
re:ns\d+-\d+\.azure-dns\.(com|net|org|info)$                              # azure_ns

# Backblaze B2
# The second alternative (fixed digit counts) is a subset of the first
# (pod-\d+-\d+-\d+), so it adds no extra coverage.
re:pod-\d+-\d+-\d+\.backblaze\.com$|pod-\d{3}-\d{4}-\d{2}\.backblaze\.com$|ca\d+\.backblaze\.com$  # backblaze

# Microsoft Edge CDN
re:\.t-msedge\.net$|\.fb-t-msedge\.net$                                   # msedge
re:\.(ax|bx|ln)-\d+\.(ax|bx|ln)(-dc)?-msedge\.net$                       # msedge_cdn

# Generic nameserver hostname patterns (ns1., ns.*, awsdns-, etc.)
# NOTE(review): none of these alternatives is tied to a registered domain.
# "^ns\d*[-\.]" matches any name whose first label is ns, ns<digits> or starts
# with "ns-", under any domain; the remaining alternatives match their label as a
# substring anywhere in the name (e.g. x.cloudns.<any-domain>).  Hostname labels
# are chosen by whoever runs the zone, so this rule can be satisfied by naming
# alone.  Consider end-anchoring each provider to its registered domains.
re:^ns\d*[-\.]|\.awsdns-|\.ultradns\.|\.cloudns\.|\.constellix\.|\.digicertdns\.|\.domaincontrol\.  # nameservers

# AWS networking diagnostic infrastructure
re:\.prod\.diagnostic\.networking\.aws\.dev$                               # diagnostic_dns

# Oracle DNS infrastructure
re:\.dns\.oraclecloud\.net$                                                 # oracledns

# SentinelOne EDR
re:\.sentinelone\.net$                                                      # sentinelone

# hCaptcha
re:\.hcaptcha\.com$                                                         # hcaptcha

# Sentry error tracking
re:\.sentry\.io$                                                            # sentry

# AT&T local
re:\.attlocal\.net$                                                         # attlocal
